Hover Stories: Brian Krebs from Krebs On Security

By Hover

The Internet is a wonderful place where anyone can come to explore, learn and share with others across the globe. Unfortunately, there are also people who use this great platform to exploit, steal and do other harmful things to unsuspecting victims. That’s where Brian Krebs comes in.

For the past decade, Brian has devoted nearly all of his waking hours to infiltrating and uncovering the seedy underworld of the Internet. His blog Krebs On Security is the web’s go-to source for commentary on the world of Internet security, and many consider him to be the most trusted journalist on the subject. He’s uncovered many stories and schemes, which has put him in numerous compromising scenarios over the years.

“It’s never a dull moment, that’s for sure,” Brian reminisces. “And it’s not for the faint of heart or those who are easily deterred by threats – legal, physical or otherwise.”

How It All Started

Fifteen years ago, if you would have told Brian that he would become one of the leading experts in cybersecurity, he would probably say that you have him confused with someone else. This is because his interest in the subject started entirely by accident, after his computer became overrun by a virus.

In 2001, Brian was playing around with a default installation of Red Hat Linux (6.2) on a Hewlett-Packard system, and decided to try turning his spare computer into an oversized firewall. During this process, a Chinese hacking group overran his home network and locked him out of his system – not once, but twice.

It was at this point that Brian became determined to learn as much as on computer and Internet security as possible. Rather than reading a few books and moving on, though, he has only gotten more involved and passionate as the days, month and years rolled on.

Becoming A Blogger

As Brian learned more and more about cybersecurity, he decided it would be worthwhile to share his findings with others. At the time, he was a reporter for The Washington Post, and in 2005 he launched the publication’s Security Fix blog. It was here that Brian got his start infiltrating online forums and chat rooms where criminals conspired from, leading to exclusive findings that helped build up his reputation.

In 2009, the Post merged its online and print newsrooms and as a result Brian was let go from his position. Though it came as a shock initially, it turned out to be a blessing in disguise.

“Having my job eliminated was probably the best thing that ever happened to me,” he reflects. “Of course, at first it was difficult and upsetting, but I also did not wish to go back into another big newsroom or be asked to write about subjects that I don’t find as fascinating or as critical as information security and cybercrime.”

Through his own blog, Brian is able to focus on exactly what he wants to focus on without any of the editorial and bureaucratic restrictions that can typically be found at a larger organization. The tradeoff is that unlike a large organization, there is no one else to outsource other tasks to. “I’ve never worked harder before than I have these past five years,” he explains, “but then again it’s never seemed less like work, and I’ve never been happier.”

Brian’s investigative journalism has taken him deep into the underground world of cybercrime, where he has employed a number of tactics to build relationships with other experts and even the cybercriminals themselves. He even taught himself Russian to help his research, since this is the language that many of them speak.

He’s uncovered many schemes, though his biggest story so far was uncovering the theft of tens of millions of payment card numbers from Target. This led to a lot of media coverage, all because of Brian’s tireless work to uncover this operation. Had he not done so, the story would have likely never gotten out, since companies will often keep these data breaches quiet because the harm from negative press can outweigh whatever harm the data breach has caused.

Danger

Devoting your life to thwarting criminals can definitely have its scary side, even when doing so online. Brian’s home office is equipped with a monitor showing live feeds from cameras surveilling his home, as well as 12-gauge shotgun beside his desk. You might at first think he’s being overly paranoid, but he’s definitely been given good reason to be cautious over the years.

A few years ago, Brian was preparing to have his mother over for dinner. When he answered the door, he was instead greeted by a SWAT team pointing guns in his face and handcuffing him. Apparently, someone had reported that a murder had taken place at his home, all of which was cleared up once his wife returned home from buying groceries.

Another time, someone sent funeral flowers to his house addressed to his wife. Then there was the time that someone sent heroin to his house and called the police pretending to be a concerned neighbour, only this time he knew that the parcel was coming and was able to alert the authorities beforehand.

Advice

Brian has managed to make a full-time living through his blog, earning even more than he did through his position at The Washington Post. You might be surprised to hear that given how particular his topic seems, but Brian believes that that’s the key.

“If you have passion and deep knowledge for a particular niche, it’s definitely possible to make a full time living writing about that niche,” he explains. “The trick is to focus on creating useful, engaging content that can’t be found anywhere else.”

It’s also crucial to keep at it and to post content as much as possible. “It’s important to do this not just once or twice a week, but nearly every day (or at least weekday),” he recommends. “People come back time and again when they have an expectation that they can rely on you for regular updates and a unique take on your speciality.”

It’s a lot more difficult being on your own, but being able to focus only on what you love doing is the ultimate reward. “The biggest challenge and what for me took the most getting used to after leaving a big newsroom is having to explain over and over who you are and that it’s just you — not some big publication,” he explains. “Corporate gatekeepers and executive assistants are the worst, because even after you tell them that you’re an independent reporter, they usually ask, ‘Okay, but with what publication?’”

We’re thrilled to have been Brian’s choice for managing his domain name. Search for your own domain below!